Closed
Bug 430814
Opened 16 years ago
Closed 16 years ago
Crash [@ nsStyleContext::GetStyleDisplay] while trying to print
Categories
(Core :: Layout: Tables, defect)
Tracking
()
VERIFIED
FIXED
mozilla1.9
People
(Reporter: martijn.martijn, Assigned: MatsPalmgren_bugz)
Details
(Keywords: crash, testcase, verified1.8.1.15, Whiteboard: [sg:critical?])
Crash Data
Attachments
(2 files)
300 bytes,
application/xhtml+xml
|
Details | |
1.59 KB,
patch
|
bernd_mozilla
:
review+
roc
:
superreview+
dveditz
:
approval1.8.1.15+
mconnor
:
approval1.9+
|
Details | Diff | Splinter Review |
See testcase, when clicking on the print button and then printing something, current trunk builds of Mozilla crash. http://crash-stats.mozilla.com/report/index/8f00214c-12df-11dd-92b9-001cc4e2bf68?p=1 0 xul.dll nsIFrame::GetStyleDisplay nsStyleStructList.h:95 1 xul.dll nsCSSRendering::PaintBackgroundWithSC mozilla/layout/base/nsCSSRendering.cpp:3448 2 xul.dll TableBackgroundPainter::PaintCell mozilla/layout/tables/nsTablePainter.cpp:634 3 xul.dll TableBackgroundPainter::PaintRow mozilla/layout/tables/nsTablePainter.cpp:590 4 xul.dll TableBackgroundPainter::PaintRowGroup mozilla/layout/tables/nsTablePainter.cpp:530 5 xul.dll TableBackgroundPainter::PaintTable mozilla/layout/tables/nsTablePainter.cpp:446 6 xul.dll nsTableFrame::PaintTableBorderBackground mozilla/layout/tables/nsTableFrame.cpp:1469 7 xul.dll nsDisplayTableBorderBackground::Paint mozilla/layout/tables/nsTableFrame.cpp:1318 8 xul.dll nsDisplayList::Paint mozilla/layout/base/nsDisplayList.cpp:296 9 xul.dll nsLayoutUtils::PaintFrame mozilla/layout/base/nsLayoutUtils.cpp:988 10 xul.dll nsPageFrame::PaintPageContent mozilla/layout/generic/nsPageFrame.cpp:562 11 xul.dll PaintPageContent mozilla/layout/generic/nsPageFrame.cpp:403 12 xul.dll nsDisplayGeneric::Paint mozilla/layout/base/nsDisplayList.h:862 13 xul.dll nsDisplayList::Paint mozilla/layout/base/nsDisplayList.cpp:296 14 xul.dll nsLayoutUtils::PaintFrame mozilla/layout/base/nsLayoutUtils.cpp:988 15 xul.dll nsSimplePageSequenceFrame::PrintNextPage mozilla/layout/generic/nsSimplePageSequence.cpp:647 16 xul.dll nsPrintEngine::PrintPage mozilla/layout/printing/nsPrintEngine.cpp:2368 17 xul.dll nsPagePrintTimer::Notify mozilla/layout/printing/nsPagePrintTimer.cpp:90 18 xul.dll nsTimerImpl::Fire mozilla/xpcom/threads/nsTimerImpl.cpp:403 19 xul.dll nsTimerEvent::Run mozilla/xpcom/threads/nsTimerImpl.cpp:490 20 xul.dll nsThread::ProcessNextEvent mozilla/xpcom/threads/nsThread.cpp:510 21 xul.dll nsBaseAppShell::Run mozilla/widget/src/xpwidgets/nsBaseAppShell.cpp:170 22 nspr4.dll PR_GetEnv 23 firefox.exe wmain mozilla/toolkit/xre/nsWindowsWMain.cpp:87 24 firefox.exe firefox.exe@0x217f 25 kernel32.dll BaseProcessStart
Reporter | ||
Comment 1•16 years ago
|
||
Assignee | ||
Updated•16 years ago
|
OS: Windows XP → All
Whiteboard: [sg:critical?]
Assignee | ||
Comment 2•16 years ago
|
||
Wallpaper, until we find the real bug... This file already have this wallpaper in another place: http://bonsai.mozilla.org/cvsblame.cgi?file=/mozilla/layout/tables/nsTablePainter.cpp&rev=3.25&root=/cvsroot&mark=413-415#408
Attachment #317773 -
Flags: review?(bernd_mozilla)
Updated•16 years ago
|
Group: security
Comment on attachment 317773 [details] [diff] [review] wallpaper The cited url was not wallpapering over a bug but rather defensive programming. I had a good share of crash bugs (one of them being a top crasher) after fantasai's paint patch landed, so the idea was to have a rather drastic assertion message that will ring all bells instead of having a exploitable array boundary violation. I will do the core fix and then check if ff2 is also vulnerable.
Attachment #317773 -
Flags: review?(bernd_mozilla) → review+
Assignee | ||
Updated•16 years ago
|
Attachment #317773 -
Flags: superreview?(roc)
Attachment #317773 -
Flags: superreview?(roc) → superreview+
Assignee | ||
Updated•16 years ago
|
Attachment #317773 -
Flags: approval1.9?
Comment 4•16 years ago
|
||
Comment on attachment 317773 [details] [diff] [review] wallpaper a=mconnor on behalf of 1.9 drivers
Attachment #317773 -
Flags: approval1.9? → approval1.9+
Assignee | ||
Comment 5•16 years ago
|
||
mozilla/layout/tables/nsTablePainter.cpp 3.26 Filed bug 431087 on fixing the real bug. -> FIXED
Assignee: nobody → mats.palmgren
Target Milestone: --- → mozilla1.9
Assignee | ||
Updated•16 years ago
|
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 6•16 years ago
|
||
Comment on attachment 317773 [details] [diff] [review] wallpaper The testcase does not crash 2.0.0.14 on XP/Linux/OSX, but the code looks the same on branch. The patch is trivial so it might be worth taking just in case...
Attachment #317773 -
Flags: approval1.8.1.15?
Updated•16 years ago
|
Flags: in-testsuite?
> he patch is trivial so it might be worth taking just in case...
Exactly this should go onto branch, there is no need for gambling there.
Comment 8•16 years ago
|
||
Comment on attachment 317773 [details] [diff] [review] wallpaper approved for 1.8.1.15, a=dveditz for release-drivers
Attachment #317773 -
Flags: approval1.8.1.15? → approval1.8.1.15+
Comment 9•16 years ago
|
||
verified fixed using Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9pre) Gecko/2008042806 Minefield/3.0pre. No crash with the testcase.
Status: RESOLVED → VERIFIED
Assignee | ||
Comment 10•16 years ago
|
||
Checked in on MOZILLA_1_8_BRANCH: mozilla/layout/tables/nsTablePainter.cpp 3.13.6.1
Keywords: fixed1.8.1.15
Comment 11•16 years ago
|
||
Mats can we change the assert to something less draconian? Like a warning for a "nsTablePainter error" I will know what it means. This bug should stay closed till bug 424377 is fixed.
Comment 12•16 years ago
|
||
Verified that the code got checked in. Also verified no crash in 2.0.0.14 and 2.0.0.15 (as said before).
Keywords: fixed1.8.1.15 → verified1.8.1.15
Updated•16 years ago
|
Group: security
Updated•13 years ago
|
Crash Signature: [@ nsStyleContext::GetStyleDisplay]
You need to log in
before you can comment on or make changes to this bug.
Description
•